DDoS attackers use large CCTV botnet for attacks

Security company Sucuri has warned of a new kind of DDoS attack that involves digital video recorders and CCTV cameras. While observing the traffic of a jewellery shop's website, the company found that over 25,000 hacked internet-connected CCTV cameras were being used as a denial-of-service botnet. The DDoS had been generating 35,000 HTTP requests per second.

"It all started with a small bricks and mortar jewellery shop that signed up with us to help protect their site from a DDoS that had taken them down for days. By switching their DNS to the Sucuri Network, we were able to quickly mitigate the attack for them," the company said in a blog post.

"It was a layer 7 attack (HTTP flood) generating close to 35,000 HTTP requests per second which was more than their web servers could handle. Normally, this would be the end of the story. The attack would be mitigated, the attackers would move on after a few hours, and the website owner would be happy.

"It is not new that attackers have been using IoT devices to start their DDoS campaigns. However, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long."

Sucuri believes the CCTV devices may have been hacked via the remote code execution (RCE) flaw recently found to affect CCTV-DVR devices sold by some vendors.